"Scareware" Vendors Sued

Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of "scareware" purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software.

The case filed by the Washington attorney general's office names Texas-based Branch Software and its owner James Reed McCreary IV, alleging that McCreary's company caused targeted PCs to pop up misleading security alerts about security threats on the victims' computers. The alerts warned users that their systems were "damaged and corrupted" and instructed them to visit a Web site to purchase a copy of Registry Cleaner XP for $39.95.

I would have thought that existing scam laws would be enough, but Washington state actually has a specific law about this sort of thing:

The lawsuits were filed under Washington's Computer Spyware Act, which among other things punishes individuals who prey on user concerns regarding spyware or other threats. Specifically, the law makes it illegal to misrepresent the extent to which software is required for computer security or privacy, and it provides actual damages or statutory damages of $100,000 per violation, whichever is greater.

When last checked there really isn't any spyware affecting Linux or BSD. I feel sorry for people who buy software and get meh when they could do better for free. Many Windows users are clueless and some have no choice, but just as many ought to know better and don't.

I love this. My company has gotten computers infected with this stuff to clear off. It seems the last few months have been worse than others. I would rather lose the small amount of income we get from jobs like this than for companies like this to continue.
In the state I am located in, there is really no recourse for victims of companies like this one. I always wondered myself how legal it was to do this. A lot of them look exactly like a MS system pop-up. Hopefully this sends a message, and this kind of stuff goes away.

The penalty is set at $1000 per violation. In addition, the court can triple that "if the defendant has engaged in a pattern and practice of violating this chapter." That's got some teeth...

In January of this year, house bill 2879 was raised to add the following deceptive actions:

* Modifying settings for opening web pages, search engines, bookmarks, and toolbars;
* Misrepresenting that software will be uninstalled or disabled by an owner or operator's actions; and
* Misrepresenting that software is necessary for security, maintenance, repair, or privacy reasons.

If you download and install the Firefox add-in called Active Whois, the first time you use it, you are prompted to download an executable from Russia that installs itself (bypassing all your security), and then after a bit... demands money from you to use their service.

Hey, can we keep this on discussion about computers and not partisan politics? You partisan politics people make me sick. Take your crap to your preferred blog of choice and stop poisoning tech blogs with political crap.

@kwertee
Although Linux doesn't generally have spyware like Windows does, it does have viruses and rootkits. It's just that more often the value of a Linux box is as a command and control server, or as a spam blaster, rather than as a means to sniff accounts and passwords. I've never before seen (personally, heard of yes) a desktop Linux system that's been compromised, but I've personally helped clean a nasty rootkit job off a Linux server. Incidentally the rooted system was being used for two purposes, first and foremost it was being used to try to find more hosts to root (we received logs from other hosts as well as inspected our own logs and saw the system attempting a whole slew of exploits, mostly targeted at PHP forum software). Secondly it was being used to send e-mail and forum spam.

I don't see how this can be illegal when every politician in public office (in the US) got there by convincing the voters (or Diebold at least) that there is a CRISIS RIGHT NOW and THEY are the ONLY ones that can fix it.

When will they go after Norton and McAfee consumer tools, which, granted, are not marketed the same way, but which frequently fall into the placebo category -- personally, I've had to go in and reinstall systems for several people recently who received trial versions of this "necessary security software" that crippled their brand-new machines to pre-Windows95 slowness...

I would like to see some action taken against the people that accept such advertisements. I've seen some legit sites have these lying ads on them, and I think it's irresponsible of them to allow that to happen. If they are from a service, then it is the responsibility of the service to review the ads. You cannot allow unscrupulous people to target your users and claim that you are innocent.

They have been accused in the past of writing "protection" for malware that did not exist outside of their labs and of deliberately ignoring certain rootkits developed by a large media organisation.

Further, McAfee had significant issues with the fact that its software had low-level hooks into MS Browser software, and they did not do update testing on some MS platforms (ME) correctly. This resulted in completely corrupted machines that even their third-line support staff could not sort out. I eventually had to do a complete re-install on a journalist's computer which McAfee's software had "infected" and "disabled".

Secondly as for MS (and others) and their past security software attempts...

I'm just thankful that there are alternative OSes out there (apart from Linux ;) where the number of attacks are less frequent, they tend to be easier to "lock down" and some of the OS vendors/suppliers have a history of making security patches available fairly promptly (by the then prevailing industry standards).

Thirdly, should complete ICT novices be allowed to connect to public networks to the detriment of others (after all, in most "western" countries you need a license, insurance and a roadworthy car to drive on the public roads)?

But should there be extra legislation to invent new crimes?

Especially when, as some have pointed out above, it appears to protect those companies whose (in/)actions caused the problem to start with...

Then in such a fast-moving industry there are the questions of how do unknowledgeable legislators frame it correctly, and even less knowledgeable authorities implement it, down to the judges and juries that have little or no hope of understanding it decide on guilt or not.